I seem to recall that the proposal involved HTTP clients kinda acting
like servers, in that certain content types were supposed to trigger
the client into sending files.
This seems like an HTTP protocol change to me.
And what of security? What's to stop a server from responding with
Content-Type: application/file-upload-request
/etc/passwd
Hmmm.. it seems like the client should remember what files it told the
server that it wanted to upload. Now you've got implicit state between
transactions. How long does the client wait for the server to respond
before throwing the state away?
(I'm afraid I'm asking questions that have been covered, but I
can't seem to find a copy of the proposal. The BOF announcement,
for example, doesn't have a link to it.)
Dan